CVE-2008-0632
Published 2008-02-06
Priority: P258
Severity: critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 6.36% (92.8th percentile)
Unrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root directory.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lightblog | lightblog | — | — |
Detection & IOCs
- Monitor for unauthenticated POST requests to cp_upload_image.php, especially those uploading files with executable extensions (e.g., .php).
- Alert on direct HTTP GET requests to files with executable extensions (e.g., .php) under the blog's /images/ directory, which may indicate post-upload webshell access.
- Search for LightBlog installations exposed to the internet using the Google dork: "Powered by LightBlog".
- The PoC uses localhost paths; in real deployments, the blog root and /images/ directory path will vary. Detections should be adapted to match the actual installation path.
- The vulnerability affects LightBlog version 9.5 specifically; a vendor patch was issued. Verify version before applying detections to avoid false positives on patched installs.
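The first two detections above can be combined into one pass over a web server access log. The following is an added example, not code from this page or its sources; it assumes the Apache/nginx combined log format, and the extension list, the rule names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" access-log fields: client IP, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
UPLOAD_SCRIPT = "/cp_upload_image.php"
# Assumption: extensions this server hands to the PHP interpreter.
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar)$")
IMAGES_DIR = "/images/"  # adapt to the real installation path

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    '203.0.113.7 - - [06/Feb/2008:10:00:01 +0000] "POST /blog/cp_upload_image.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [06/Feb/2008:10:00:05 +0000] "GET /blog/images/sample.php HTTP/1.1" 200 87',
    '198.51.100.4 - - [06/Feb/2008:10:01:00 +0000] "GET /blog/images/logo.png HTTP/1.1" 200 4096',
    '198.51.100.4 - - [06/Feb/2008:10:02:00 +0000] "GET /blog/images/old.PHP HTTP/1.1" 404 0',
]


def detect(lines, images_dir=IMAGES_DIR):
    """Return alerts as (rule, ip, path, status) tuples, in log order."""
    alerts, uploaders = [], set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        ip, status = m["ip"], int(m["status"])
        # Drop the query string, decode %-escapes, fold case before matching.
        path = unquote(m["path"].split("?", 1)[0]).lower()
        if m["method"] == "POST" and path.endswith(UPLOAD_SCRIPT):
            # Access logs carry no session state, so every POST is flagged.
            uploaders.add(ip)
            alerts.append(("upload-post", ip, path, status))
        elif m["method"] == "GET" and images_dir in path and EXEC_EXT.search(path):
            # Higher confidence when the same client used the upload script.
            rule = "exec-get-after-upload" if ip in uploaders else "exec-get"
            alerts.append((rule, ip, path, status))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The uploaded file name travels in the POST body and does not appear in an access log, so the upload rule keys on the script path alone; the status code is returned so that a 200 on an executable file can be triaged ahead of a 404.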
- http://omni.netsons.org/blog/?p=11
- http://secunia.com/advisories/28734
- http://securityreason.com/securityalert/3617
- http://www.securityfocus.com/archive/1/487398/100/0/threaded
- http://www.securityfocus.com/bid/27562
- https://www.exploit-db.com/exploits/5033